You are here

Definition of Terms Used in OCIO Policies and Reports

CURRENT STATUS: Use of a single definitions repository will support alignment and consistency in use of terms across various policies, standards or reports produced by this office. This glossary is being built as policies/standards are created or reviewed.

An application or system which has a direct impact on the delivery of services to department/agency employees, clients or consumers.

Business Continuity:

The activities performed by the agency to ensure critical functions are available to entities needing access to those functions. Business continuity is related to restoring normal day-to-day functions in the event of service disruptions. Business continuity planning is different than disaster recovery planning.

Continuity of Operations Planning (COOP)

The basic financial groupings of cost data. The smaller list simplifies reporting and provides a finance view of IT spend and represents the logical accounting buckets for IT charges. Cost Pools are mapped on the Chart of Accounts. For the State of Washington, Cost Pool mapping is generally done by mapping Objects, Sub-Objects, and/or Sub-Sub-Objects to a Cost Pool.

Websites, web applications, software systems, electronic documents, E-learning, multimedia and programmable user interfaces. This includes interacting with the technology, access and content. It does not include content that a user may encounter after leaving the covered technology (example: links to other web content).

A known system defect or enhancement request that if left unresolved could significantly impact business operations, compliance with statute or policy, the integrity of the system or data or otherwise create a public health, safety or other significant risk areas.

Other Facilities such as Computer rooms and MDF/IDF/telco closets that house IT equipment primarily supporting local building operations in corporate headquarters, call centers or other general purpose office buildings.

Disaster Recovery

Restarting technology operations after an outage using processes, policies and procedures prepared for recovery or continuation of mission-essential technology infrastructure after a disaster.

These processes are found in a DR Plan. DR is a subset of business continuity and COOP.

For the purpose of this policy, this is defined is the latest date a manufacturer will provide security patches. Some manufacturers have an end of mainstream support date and an extended end-of support date. In these cases, after the end of mainstream support, no additional software feature/function enhancements or fixes are issued but security patches are until the end of extended support. The recommended best practice is to migrate before end of mainstream support.

Software that allows agency support staff to not only manage a container on the mobile device, but also control the flow of information between the mobile device and agency computing resources such as collaboration software, cloud storage, shared applications. Additional functions may include: issuance, inventory tracking, policy enforcement on the device.

Executive Sponsor

The senior executive responsible to the agency and the State CIO/OCIO for the project.

Providing users with disabilities with content and interaction that is similar or identical to that provided to users without disabilities, in a form that produces a similar user experience. Users should be provided direct access to the same content unless providing direct access to that content is not possible due to technical or legal limitations.

A Quality Assurance (QA) provider's assessment of the project's use of project management best practices, as well as their assessment of deficiencies or gaps in the application of those best practices that may have an adverse impact on the project. Findings are assumed to require corrective actions.

The work of one or more professionals responsible for monitoring and assessing the health and effectiveness of project management plans and processes as well as an overall assessment of a projects's short and longer term risks. To preserve independence, the QA provider(s) report outside the project management organizational structure, generally to the project's Executive Sponsor and the State CIO. In Washington state government, independent Project QA is considered different than product or technical quality assurance which might include testing and other independent verification and validation activities.

Per RCW 43.105.020, "Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.

IT Resource Towers (ITRT) are functional IT groupings that can be used to benchmark to industry. They can be split into more granular ITRT Sub-Towers to gain visibility into specific functions within a tower. They also map up to utilization data in Accelerators, as well as to Applications and Services. The translation of financial information into functional IT towers (ITRTs) involves mapping from Cost Centers, and combining GL, Labor and Asset allocations.

Software that allows agency support staff to manage a “sandbox” or container on a mobile device where state data and applications can be added, deleted, or monitored. Additional functions may include: issuance, inventory tracking, policy enforcement on the device.

A Request for Proposal, a Request for Quote and Qualification, an interagency agreement proposal or an agency recruitment or any other effort that is intended to result in the acquisition or hire of a QA resource.

The QA Practitioners suggested course of action to address a negative Finding.

Recovery Point Objective (RPO):

The point in time, prior to a disruption or outage, to which essential data can be recovered after an outage. This defines the maximum level of data loss that is acceptable in the event of an outage or incident.

The capability of remaining or returning to a normal situation after an event by having multiple ways of performing a function. This may include people, processes or technology. Generally speaking, this means there would be no single point of failure that could stop a process.

Service Disruption:

An unplanned event that causes an information system to be inoperable for a period of time.

A set of best practices for running IT like a business - and more importantly for effectively and consistently (using a data-driven agreed upon framework) communicating not just the cost of IT, but also attributing that cost to business services. Key to TBM is the ability of IT and business leaders to have data-driven discussions about cost and value of IT to best support business goals.

Within the TBM Program, agencies are responsible for categorizing and documenting their costs to the program taxonomies. The TBM Program provides templates that agencies use to capture and submit categorization to the program.

This term, as used in TBM policy and accompanying standards is defined per our current TBM product. A ‘project’ is a discrete area within the product in which datasets, models, metrics and reports reside; these are configured according to specific business rules defined by the project administrator. Agency-specific projects allow for greater reporting accuracy than the multi-agency project, which allows less granularity and customization of business rules.

Undue burden means significant and unreasonable difficulty or expense.In determining whether an action would result in an undue burden, an agency shall consider all agency resources available to the program or component for which the covered technology is being developed, procured, maintained, or used.